Dependency Audit
Severity count tiles above a vulnerability table with package names, advisory ids, installed and patched versions, and an update action.
The source for every Application block is included with Basic and Pro. Pick a plan to copy the code.
Dependency Audit is the vulnerability report for acme-app, summarising 214 packages scanned from the lockfile against 21 matched advisories. Four severity tiles across the top count critical, high, moderate, and low findings. Below them a table lists five vulnerabilities, each row carrying the package name in monospace with either a direct label or its via require chain, a severity Badge, the advisory id and title, the installed version, the version it is patched in, and an action cell. Fixable rows expose an Update button, while the cookie finding, which needs a major bump, shows a plain note instead.
The summary counts and the vulnerability list are two typed const arrays, and severityVariant is a Record that maps each level to a Badge weight without colour tokens. Transitive findings render their require chain under the package name so the source of an indirect advisory is never a mystery. The footer states that the audit runs on every install and nightly at 03:00 UTC, and that auto fix opens a pull request bumping each package to its minimum patched version before requesting review.
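The data shapes and derivations described above, as an added example rather than the block's own source; every package name other than cookie, every advisory id and every version is a constructed placeholder, and the Badge weight names are assumed:

```typescript
// Added example (not the block's own source): the data the Dependency Audit
// block renders and the derivations behind its severity tiles and action column.
type Severity = "critical" | "high" | "moderate" | "low";

interface Vulnerability {
  pkg: string;
  via: string[]; // parents in the require chain; empty for a direct dependency
  severity: Severity;
  advisoryId: string; // placeholder, not a real advisory id
  installed: string;
  patchedIn: string;
}

// Each level maps to a Badge weight, not a colour token (weight names assumed).
const severityVariant: Record<Severity, "solid" | "subtle"> = {
  critical: "solid", high: "solid", moderate: "subtle", low: "subtle",
};

// Constructed sample findings shaped like the block's rows.
const vulnerabilities: readonly Vulnerability[] = [
  { pkg: "cookie", via: [], severity: "moderate", advisoryId: "ADV-PLACEHOLDER-1",
    installed: "0.6.0", patchedIn: "1.0.0" },
  { pkg: "example-parser", via: ["example-cli"], severity: "high",
    advisoryId: "ADV-PLACEHOLDER-2", installed: "3.0.4", patchedIn: "3.0.5" },
  { pkg: "example-utils", via: ["example-cli", "example-core"], severity: "critical",
    advisoryId: "ADV-PLACEHOLDER-3", installed: "7.3.8", patchedIn: "7.5.2" },
];

const major = (v: string): number => Number(v.split(".")[0]);

// Fixable: the patched release stays in the installed major line, so Update can
// bump it in place. A major jump is left to a reviewer and shows a plain note.
function isFixable(installed: string, patchedIn: string): boolean {
  return major(patchedIn) === major(installed);
}

// Counts behind the four severity tiles.
function summarise(list: readonly Vulnerability[]): Record<Severity, number> {
  const counts: Record<Severity, number> = { critical: 0, high: 0, moderate: 0, low: 0 };
  for (const v of list) counts[v.severity] += 1;
  return counts;
}

// Text under the package name: "direct" or the chain that pulls the package in.
function requireChain(v: Vulnerability): string {
  return v.via.length === 0 ? "direct" : `via ${[...v.via, v.pkg].join(" > ")}`;
}

// Action cell: the Update button label for fixable rows, the plain note otherwise.
function actionFor(v: Vulnerability): string {
  return isFixable(v.installed, v.patchedIn) ? "Update" : `Needs major bump to ${v.patchedIn}`;
}
```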
Reach for this block on the security or dependencies page, wired to your audit tooling and the project lockfile. Point the Update button at your fix workflow and confirm the resulting pull request runs the full test suite before anyone approves it.
One strong use is the lockfile vulnerability report.
Tip: the require chain under transitive packages is the detail that turns a vague advisory into a fix; keep it visible so no one hunts the lockfile by hand.